#!/bin/sh

# action-dcadmin
#
# This file works in combination with monitor-dcadmin:
# the monitor-dcadmin script runs the fileschanged program
# in the background and executes this script whenever a
# change is detected in the file dcdata (without md5).
#
# In this script we interpret the actions in the dcdata
# file and execute the various functions that manage the
# domain (e.g. adding or deleting users, domain settings).
#
# Author: M.Post
# Last modified: 27 September 2011

# --- configuration ---

# Directory the web front end writes dcdata and the per-digest work files to.
readonly WORKDIR=/var/www/dcadmin/dctmp
# Messages for the web front end; it picks this file up and displays it.
readonly RESULTS=/tmp/dcadmin.results
# Diagnostic log; written only while LOG_ENABLED is 1.
readonly LOGFILE=/tmp/dcadmin.log
readonly LOG_ENABLED=1
# Primary group every domain account is created in.
readonly DC_GROUP=domain
# NOTE(review): RESULTS and LOGFILE are fixed names in the world-writable /tmp,
# and this script presumably runs with root rights (it calls useradd/chpasswd).
# Another local user could pre-create those names (e.g. as a symlink) and have
# root append to a file of their choosing; a root-owned directory would avoid
# that. Kept as-is here because the web front end reads these exact paths.


# --- script follows ---

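# The first line of dcdata is the md5 digest that names the work file to act
# on.  dcdata lives in a directory the web front end writes to, so the digest
# is untrusted: only an exact 32-character hex string is used to build a path.
# Without this check a crafted first line such as "../x" would make WORKFILE
# point outside WORKDIR.
MD5=$(head -n 1 "$WORKDIR/dcdata")

WORKFILE=
case "$MD5" in
  *[!0-9a-fA-F]* | '')
    # empty or contains a non-hex character: leave WORKFILE empty so the
    # later "test -f" fails and the request is reported as not found
    ;;
  *)
    if [ ${#MD5} -eq 32 ]; then
      WORKFILE=$WORKDIR/dcdata_$MD5
    fi
    ;;
esac

if [ "$LOG_ENABLED" -eq 1 ]; then
  # printf, not echo: MD5 is user-supplied and sh's echo interprets
  # backslashes and a leading "-n"/"-e"
  printf '%s change detected in dcdata file\n' "$(date)" >> "$LOGFILE"
  printf 'MD5 = %s\n' "$MD5" >> "$LOGFILE"
  if [ -z "$WORKFILE" ]; then
    printf 'MD5 rejected: not a 32-character hex digest, no work file used\n' >> "$LOGFILE"
  fi
fi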


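# ---------------------------------------------------------------------------
# Helpers (kept next to the code that uses them so this section stands alone)
# ---------------------------------------------------------------------------

# log MESSAGE...
# Appends MESSAGE to $LOGFILE when logging is enabled.  printf rather than
# echo: messages carry user-supplied text and sh's echo interprets backslashes
# and a leading "-n"/"-e" differently from shell to shell.
log() {
  if [ "${LOG_ENABLED:-0}" -eq 1 ]; then
    printf '%s\n' "$*" >> "$LOGFILE"
  fi
}

# result MESSAGE...
# Appends MESSAGE to the results file shown by the web front end.
result() {
  printf '%s\n' "$*" >> "$RESULTS"
}

# report MESSAGE...
# Writes MESSAGE to the results file and, when enabled, the log.
report() {
  result "$@"
  log "$@"
}

# field FILE LINENO KEY
# Prints the value of line LINENO of FILE when that line has the form
# "KEY:value": everything after the first colon, so a password may itself
# contain colons.  Prints nothing when the line is missing or has another key.
field() {
  _line=$(sed -n "${2}p" "$1")
  case "$_line" in
    "$3":*) printf '%s\n' "${_line#*:}" ;;
    *) ;;
  esac
}

# valid_username NAME
# Returns 0 when NAME is a portable account name: a letter or underscore,
# then letters, digits, '_' or '-', at most 32 characters.  This rules out
# everything that matters downstream: ':' (the chpasswd record separator),
# '/', whitespace, shell metacharacters and a leading '-' (which useradd and
# smbpasswd would parse as an option).
valid_username() {
  [ ${#1} -le 32 ] || return 1
  case "$1" in
    [A-Za-z_]) return 0 ;;
    [A-Za-z_]*[!A-Za-z0-9_-]*) return 1 ;;
    [A-Za-z_]*) return 0 ;;
  esac
  return 1
}

# ---------------------------------------------------------------------------
# Main: interpret the work file named by the digest in dcdata
# ---------------------------------------------------------------------------

if [ -f "$WORKFILE" ]; then
  ACTION=$(head -n 1 "$WORKFILE")

  log "WORKFILE = $WORKFILE"
  log "ACTION = $ACTION"

  # --- Begin: ADD DOMAIN USER ACCOUNT ---

  if [ "$ACTION" = "adduser" ]; then

    ADD_ACCOUNT_STATUS=0
    # status legend:
    # 0 - account creation incomplete but ok so far
    # 1 - account creation successful
    # 2 - error: could not create unix account
    # 3 - error: could not set unix password
    # 4 - error: could not create samba account
    # 5 - error: could not set samba password
    # 6 - error: could not create domain group

    VALIDATION_STATUS=0
    # status legend:
    # 0 - validation incomplete but ok so far
    # 1 - validated ok
    # 2 - error: username empty or contains spaces
    # 3 - error: username already exists
    # 4 - error: other username error
    # 5 - error: password empty
    # 6 - error: password too short

    # line 2 is "user:<name>", line 3 is "pass:<password>"
    DC_USER=$(field "$WORKFILE" 2 user)
    DC_PASS=$(field "$WORKFILE" 3 pass)

    # --- validate user name ---

    if [ -z "$DC_USER" ]; then
      report "Error: username empty"
      VALIDATION_STATUS=2
    else
      case "$DC_USER" in
        *" "*)
          report "Error: username contains spaces"
          VALIDATION_STATUS=2
          ;;
        *)
          if ! valid_username "$DC_USER"; then
            # the name is passed to useradd, chpasswd and smbpasswd below;
            # only a conservative character set is accepted
            report "Error: username contains invalid characters or is too long"
            VALIDATION_STATUS=4
          elif getent passwd "$DC_USER" > /dev/null 2>&1; then
            # getent (already used for groups below) also sees accounts that
            # are not in /etc/passwd; the old grep on /etc/passwd missed those
            report "Error: username already exists"
            VALIDATION_STATUS=3
          else
            log "Username validation: passed"
          fi
          ;;
      esac
    fi

    # --- validate password ---

    if [ "$VALIDATION_STATUS" -eq 0 ]; then
      if [ -z "$DC_PASS" ]; then
        report "Error: password empty"
        VALIDATION_STATUS=5
      elif [ ${#DC_PASS} -le 8 ]; then
        report "Error: password too short"
        VALIDATION_STATUS=6
      else
        log "Password validation: passed"
        VALIDATION_STATUS=1
      fi
    fi

    # --- validation completed, proceed with account creation ---

    if [ "$VALIDATION_STATUS" -eq 1 ]; then

      log "Result: validation successful, proceeding with creating account"
      log "Adding user: $DC_USER"
      # the clear-text password is never written to the log
      log "Password: (hidden)"

      # domain group: reuse it when present, otherwise try to create it
      if getent group "$DC_GROUP" > /dev/null 2>&1; then
        log "Using existing domain group: $DC_GROUP"
      elif groupadd "$DC_GROUP"; then
        report "Created $DC_GROUP group: success"
      else
        report "Created $DC_GROUP group: failed!"
        ADD_ACCOUNT_STATUS=6
      fi

      if [ "$ADD_ACCOUNT_STATUS" -eq 0 ]; then

        # create the local unix account; options first and "--" so the
        # name can never be taken for an option
        if useradd -g "$DC_GROUP" -m -- "$DC_USER"; then
          report "Creating local Unix account: success"

          # chpasswd reads "name:password" records; printf keeps the
          # password byte-for-byte (echo would mangle backslashes)
          if printf '%s:%s\n' "$DC_USER" "$DC_PASS" | chpasswd; then
            report "Setting unix password for account: success"
          else
            report "Setting unix password for account: failed"
            ADD_ACCOUNT_STATUS=3
          fi
        else
          report "Creating local Unix account: failed!"
          ADD_ACCOUNT_STATUS=2
        fi

      fi

      # finished with the unix account, proceed with the samba account

      if [ "$ADD_ACCOUNT_STATUS" -eq 0 ]; then

        # smbpasswd -s reads the new password twice from stdin; quoted via
        # printf so spaces and backslashes in the password survive
        if printf '%s\n%s\n' "$DC_PASS" "$DC_PASS" | smbpasswd -as "$DC_USER" > /dev/null; then
          report "Creating samba user: success"
          ADD_ACCOUNT_STATUS=1
        else
          report "Creating samba user: failed"
          # 4 per the legend above (was 2, the unix-account code)
          ADD_ACCOUNT_STATUS=4
        fi

      else
        report "Result: account creation failed!"
      fi

    else
      report "Result: validation failed, account not created"
    fi

  fi

  # --- End: ADD DOMAIN USER ACCOUNT ---

  # --- Begin: MODIFY DOMAIN USER ACCOUNT ---

  if [ "$ACTION" = "moduser" ]; then

    # line 2 is "action:<name>"
    USERMOD_ACTION=$(field "$WORKFILE" 2 action)
    log "modify user accounts selected"

    if [ "$USERMOD_ACTION" = "show" ]; then

      # list the accounts whose primary group is DC_GROUP as an HTML table
      DC_GROUP_GID=$(getent group "$DC_GROUP" | cut -d: -f3)
      result "<table border=1>"
      if [ -n "$DC_GROUP_GID" ]; then
        # compare the gid field only: a plain grep for the digits would also
        # match uids, home paths and GECOS text, and an empty gid matched
        # every line.  Names are HTML-escaped before being put in the page.
        awk -F: -v gid="$DC_GROUP_GID" '
          $4 == gid {
            name = $1
            gsub(/&/, "\\&amp;", name)
            gsub(/</, "\\&lt;", name)
            gsub(/>/, "\\&gt;", name)
            gsub(/"/, "\\&quot;", name)
            printf "<tr><td><a href=\"index.php?usermod=%s\">%s</a></td></tr>\n", name, name
          }' /etc/passwd >> "$RESULTS"
      else
        log "Domain group $DC_GROUP not found, no accounts listed"
      fi
      result "</table>"

    fi

  fi

  # --- End: MODIFY DOMAIN USER ACCOUNT ---

  # the request has been handled; remove this and any stale work files
  rm -f "$WORKDIR"/dcdata_*

else
  report "WORKFILE $WORKFILE not found"
fi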

# Leave the results file in place for a moment so the process that displays
# it in the browser can notice it before it is removed again.
sleep 3

rm -f -- "$RESULTS"

# That's all folks!
